Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rework the sshd rules to make a bit more sense. #786

Merged
merged 2 commits into from
Apr 1, 2016
Merged

Rework the sshd rules to make a bit more sense. #786

merged 2 commits into from
Apr 1, 2016

Conversation

ddpbsd
Copy link
Member

@ddpbsd ddpbsd commented Mar 28, 2016

5752 -> 5750 - This seems like a better catch-all
5750 -> 5752 - Making this rely on the "new" 5750 is cleaner (more similar to 5753).
5753 now if_sids 5750

Prompted by @jesuslinares in Issue #785

Rework the rules to make a bit more sense.
7968947 
5752 -> 5750 - This seems like a better catch-all
5750 -> 5752 - Making this rely on the "new" 5750 is cleaner (more
  similar to 5753).
5753 now if_sids 5750
@atomicturtle atomicturtle merged commit c5e9c72 into ossec:master Apr 1, 2016
@colinmollenhour
Copy link

On one of my Ubuntu 12.04 systems (OpenSSH_5.9p1...) an error that isn't caught by these new SSH rules goes like this:

Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s): Apr 18 21:27:08 web2 sshd[23484]: fatal: Unable to negotiate a key exchange method [preauth]

ddpbsd added a commit to ddpbsd/ossec-hids that referenced this pull request Apr 19, 2016
@ddpbsd
Adjust the rules to handle a log message provided by @colinmollenhour
32e52c9 
in PR ossec#786.
ddpbsd added a commit to ddpbsd/ossec-hids that referenced this pull request Apr 19, 2016
@ddpbsd
Test for the log message provided in PR ossec#786.
7133703
@ddpbsd ddpbsd mentioned this pull request Apr 19, 2016
Merged
@ddpbsd
Copy link
Member Author

ddpbsd commented Apr 19, 2016

@colinmollenhour Thanks! I think PR #805 should fix it

ddpbsd added a commit to ddpbsd/ossec-hids that referenced this pull request May 2, 2016
@ddpbsd
Redo commit 7133703
55a164f 
Test for the log message provided in PR ossec#786.
@ddpbsd ddpbsd deleted the sshd_rules branch November 26, 2018 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement Rules & Decoders
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ddpbsd @colinmollenhour @atomicturtle